Security breach exposes credit card details from 16 companies

A security vulnerability affecting 16 companies worldwide, including Air Canada, the CN Tower, and the San Diego Zoo, has potentially revealed the unencrypted credit card data of hundreds of thousands of customers, according to a report by threat detection firm Wandera.

The vulnerability, which Wandera dubbed "CardCrypt," comes after a failure of companies to effectively encrypt their customers" credit card data. The 16 global companies, including numerous airlines, failed to effectively encrypt traffic to the payment portion of their websites and apps.

According to Wandera, the 16 affected companies - which are listed below - serve a combined 500,000 customers a day, meaning information on hundreds of thousands of credit cards may have been exposed over the course of the vulnerability.

The 16 companies currently affected by the security vulnerability are:

Company Country Industry
easyJet UK Air Travel
Aer Lingus Ireland Air Travel
Chiltern Railways UK Rail Travel
Dash Card Services UK Parking Services
KV Cars UK Taxi Services
PerfectCard.ie Ireland Gift Cards
1Robe.fr France Weddings & Bridal
Oui Car France Taxi Services
San Diego Zoo US Zoo
Air Canada Canada Air Travel
CN Tower Canada Tourist Destination
American Taxi US Taxi Services
Hotwire Communications US Broadband/Telecom
Tribeca Med Spa US Health & Wellness
AirAsia Malaysia Air Travel
Sistic Singapore Events & Ticketing

Although it is currently unknown whether any credit card information has been accessed by an unauthorized third party, customers of the aforementioned companies should take steps to secure their information, including potentially cancelling any affected credit cards and monitoring their accounts for any suspicious activity.

Wandera says the breach may have compromised information including credit card numbers, CVVs, passport details, vehicle registration information, email addresses, billing address, and phone numbers.

Wandera has called on all affected companies to implement proper security protocols and encryption in their services. Chiltern Railways, the San Diego Zoo, CN Tower, Aer Lingus, easyJet, and Air Canada have confirmed that they have resolved the issue and fixed their security vulnerabilities.

Source: Wandera

Report a problem with article
Next Article

Some lucky Insiders are getting free hardware from Microsoft to test out Continuum

Previous Article

The Xbox Wireless Adapter no longer requires Windows 10